Vulnerabilities > Jenkins > Groovy

DATE CVE VULNERABILITY TITLE RISK
2019-03-08 CVE-2019-1003033 Unspecified vulnerability in Jenkins Groovy
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins
8.8
2019-02-06 CVE-2019-1003006 Missing Authorization vulnerability in Jenkins Groovy
A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
network
low complexity
jenkins CWE-862
8.8